<?php

namespace mpend\filters;

use Yii;
use yii\base\Action;
use yii\web\Request;
use yii\web\User;
use yii\helpers\ArrayHelper;

/**
 * This class represents an access rule defined by the [[AccessControl]] action filter.
 *
 * @author emhome <emhome@163.com>
 * @since 1.0
 */
class AccessRule extends \yii\filters\AccessRule {

    /**
     * Checks whether the Web user is allowed to perform the specified action.
     * @param Action $action the action to be performed
     * @param User|false $user the user object or `false` in case of detached User component
     * @param Request $request
     * @return bool|null `true` if the user is allowed, `false` if the user is denied, `null` if the rule does not apply to the user
     */
    public function allows($action, $user, $request) {
        if ($request->isOptions) {
            $allowOrigins = ArrayHelper::getValue(Yii::$app->params, 'crossDomains', []);
            if (in_array($request->origin, $allowOrigins)) {
                return true;
            }
        }
        return parent::allows($action, $user, $request);
    }

}
